Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF DECEMBER 25, 2014 FBO #4779
MODIFICATION

R -- Subject Matter Expert/Consultant Services for the Center of Veterinary Medicine (CVM) - Amendment 1

Notice Date

12/23/2014
 

Notice Type

Modification/Amendment
 

NAICS

541690 — Other Scientific and Technical Consulting Services
 

Contracting Office

Department of Health and Human Services, Food and Drug Administration, Office of Acquisitions and Grants Services, 3900 NCTR Road, HFT-320, Bldg 50 | Rm 421, Jefferson, Arkansas, 72079, United States
 

ZIP Code

72079
 

Solicitation Number

FDA-15-1138367
 

Archive Date

1/13/2015
 

Point of Contact

Tammy L. Wright, Phone: 2404027587
 

E-Mail Address

tammy.wright@fda.hhs.gov
(tammy.wright@fda.hhs.gov)
 

Small Business Set-Aside

Total Small Business
 

Description

Instruction to Offerors Evaluation Factors CLIN/Price Worksheet Condentiality of Information Contract Data Administration Deliverables Table SOW This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotes are being requested and a written solicitation will not be issued. The solicitation number is FDA-15-1138367, which is issued as a Request for Quotations (RFQ). The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular (FAC) 2005-79, dated December 15, 2014. The associated North American Industry Classification System (NAICS) Code is 541690 - Other Scientific and Technical Consulting Services. The Small Business size standard is $15 million. This procurement is total set aside for Small Businesses. The following attachments are incorporated within this Combined Synopsis/ Solicitation: ATTACHMENT A - Statement of Work ATTACHMENT B - Deliverables ATTACHMENT C - Contract Data ATTACHMENT D - Confidentiality of Information ATTACHMENT E - Evaluation Criteria ATTACHMENT F - Instruction and Evaluation All work shall be performed primarily on-site at the Center of Veterinary Medicine (CVM) office, located at 7500 Standish Place, Rockville, MD 20855. The anticipated period of performance for this contract will consists of a base and four (4) twelve (12) month options as follows: Base Year: January 1, 2015 through December 31, 2015 Option Year 1: January 1, 2016 through December 31, 2016 Option Year 2: January 1, 2017 through December 31, 2017 Option Year 3: January 1, 2018 through December 31, 2018 Option Year 4: January 1, 2019 through December 31, 2019 The provisions of FAR 52.212-1, Instructions to Offerors-Commercial Items (Apr 2014) applies to this solicitation. The provision of FAR 52.212-2 Evaluation-Commercial Items applies to this solicitation. The Government will award a contract resulting from this solicitation to the responsible offeror whose offer conforming to the solicitation will be most advantageous to the Government, price and other factors considered. The following factors will be used to evaluate offers: technical capabilities, past performance and price. Technical and past performance, when combined, is more important than price. The provisions of FAR 52.212-3 Offeror Representations and Certifications-Commercial Items (NOV 2013), applies to this solicitation. An offeror shall complete only paragraphs (b) of this provision if the offeror has completed the annual representations and certificates electronically via https://www.sam.gov/portal/SAM/#1. The provisions of FAR 52.212-4 Contract Terms and Conditions-Commercial Items, applies to this acquisition, along with the additional information contain in ATTACHMENT 3 - Contract Data. The provisions of FAR 52.212-5 Contract Terms and Conditions Required To Implement Statutes or Executive Orders-Commercial Items, applies to this acquisition The following additional FAR clauses cited by reference in this clause are applicable: FAR 52.203-6 Restrictions on Subcontractor Sales to the Government (Sept 2006), with Alternate I (Oct 1995) FAR 52.203-13 Contractor Code of Business Ethics and Conduct (Apr 2010) FAR 52.204-10 Reporting Executive compensation and First-Tier Subcontract Awards (Jul 2013) FAR 52.209-6 Protecting the Government's Interest When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment (Aug 2013) FAR 52.209-9 Updates of Publicly Available Information Regarding Responsibility Matters (Jul 2013) FAR 52.216-31 Time-and-Materials/Labor-Hour Proposal Requirements-Commercial Item Acquisitions (Feb 2007) FAR 52.219-4 Notice of Price Evaluation Preference for HUBZone Small Business Concerns (Jan 2011) FAR 52.219-6 Notice of Total Small Business Aside (Nov 2011) FAR 52.219-8 Utilization of Small Business Concerns (May 2014) FAR 52.219-14 Limitations on Subcontracting (Nov 2011) FAR 52.219-28 Post Award Small Business Program Re-representation (Jul 2013) FAR 52.222-3 Convict Labor (June 2003) FAR 52.222-17 Employment Reports on Veterans (Jul 2014) FAR 52.222-19 Child Labor-Cooperation with Authorities and Remedies (Jan 2014) FAR 52.222-21 Prohibition of Segregated Facilities (Feb 1999) FAR 52.222-26 Equal Opportunity (Mar 2007) FAR 52.222-35 Equal Opportunity for Veteran (Jul 2014) FAR 52.222-36 Equal Opportunity for Workers with Disabilities (Jul 2014) FAR 52.222-37 Employment Reports on Veterans (Jul 2014) FAR 52.222-40 Notification of Employee Rights Under the National Labor Relations Act (Dec 2010) FAR 52.222-50, Alt I Combating Trafficking in Persons (Aug 2007) FAR 52.223-18 Encouraging Contractor Policies to Ban Text Messaging while Driving (Aug 2011). FAR 52.232-33 Payment by Electronic Funds Transfer- System for Award Management (Jul 2013) FAR 52.232-36 Payment by Third Party (May 2014) FAR 52.233-3 Protest After Award (Aug 1996) FAR 52.233-4 Applicable Law for Breach of Contract Claims (Oct 2004) The following additional FAR clauses by reference are applicable: FAR 52.204-7 System for Award Management (JUL 2013) FAR 52.216-24 Limitation of Government Liability (APR 1984) FAR 52.216-31 Time-and-Materials/Labor-Hour Proposal Requirements - Commercial Item Acquisition (Feb 2007) FAR 52.232-40 Providing Accelerated Payment to Small Business Subcontractors (DEC 2013) FAR 52.232-25 Prompt Payment (Jul 2013) FAR 52.233-2 Service of Protest (SEP 2006) FAR 52.242-15 Stop-Work Order (Aug 1989) FAR 52.242-17 Government Delay of Work (Apr 1984) FAR 52.246-6 Inspection-Time-and-Material and Labor-Hour (May 2001) The following additional FAR clauses by full text are applicable: FAR 52.252-2 Clauses Incorporated by Reference (Feb 1998) This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address https://www.acquisition.gov/Far/. FAR 52.217-8 Option to Extend Services (Nov 1999) The Government may require continued performance of any services within the limits and at the rates specified in the contract. These rates may be adjusted only as a result of revisions to prevailing labor rates provided by the Secretary of Labor. The option provision may be exercised more than once, but the total extension of performance hereunder shall not exceed 6 months. The Contracting Officer may exercise the option by written notice to the Contractor at any time prior to contract expiration. FAR 52.217-9 Option to Extend the Term of the Contract (Mar 2000) (a) The Government may extend the term of this contract by written notice to the Contractor any time prior to the contract expiration date; provided that the Government gives the Contractor a preliminary written notice of its intent to extend at least thirty (30) days before the contract expires. The preliminary notice does not commit the Government to an extension. (b) If the Government exercises this option, the extended contract shall be considered to include this option clause. (c) The total duration of this contract, including the exercise of any options under this clause, shall not exceed five (5) years. The following HHSAR clauses cited in this clause are applicable:, 352.202-1 Definitions (Jan 2006) 352.203-70 Anti-lobbying (Jan 2006) 352.215-70 Late proposals and revisions (Jan 2006) 352.222-70 Contractor Cooperation in Equal Employment Opportunity Investigations (Jan 2010) 352.223-70 Safety and health (Jan 2006) 352.224-70 Privacy Act (Jan 2006) 352.228-7 Insurance--Liability to third persons (Dec 1991) 352.231-71 Pricing of Adjustments (Jan 2001) 352.233-71 Litigation and claims (Jan 2006) 352.242-73 Withholding of contract payments (Jan 2006) 352.242-71 Tobacco-free Facilities (Jan 2006) 352.242-74 Final decisions on audit findings (Apr 1984) 352.270-1 Accessibility of meetings, conferences, and seminars to persons with disabilities (Jan 2001) 352.270-5 Key Personnel (January 2006) The full text of a clause may be accessed electronically http://farsite.hill.af.mil/VFHHSARA.HTM. The following additional HSSAR clauses by full text are applicable: 352.239-70 Standard for security configurations (Jan 2010) (a) The Contractor shall configure its computers that contain HHS data with the applicable Federal Desktop Core Configuration (FDCC) (see http://nvd.nist.gov/fdcc/index.cfm) and ensure that its computers have and maintain the latest operating system patch level and anti-virus software level. (Note: FDCC is applicable to all computing systems using Windows XP TM and Windows Vista TM, including desktops and laptops-regardless of function-but not including servers.) (b) The Contractor shall apply approved security configurations to information technology (IT) that is used to process information on behalf of HHS. The following security configuration requirements apply: (NOTE: The Contracting Officer shall specify applicable security configuration requirements in solicitations and contracts based on information provided by the Project Officer, who shall consult with the OPDIV/STAFFDIV Chief Information Security Officer.) (c) The Contractor shall ensure IT applications operated on behalf of HHS are fully functional and operate correctly on systems configured in accordance with the above configuration requirements. The Contractor shall use Security Content Automation Protocol (SCAP)-validated tools with FDCC Scanner capability to ensure its products operate correctly with FDCC configurations and do not alter FDCC settings - see http://scap.nist.gov/validation/. The Contractor shall test applicable product versions with all relevant and current updates and patches installed. The Contractor shall ensure currently supported versions of information technology products meet the latest FDCC major version and subsequent major versions. (d) The Contractor shall ensure IT applications designed for end users run in the standard user context without requiring elevated administrative privileges. (e) The Contractor shall ensure hardware and software installation, operation, maintenance, update, and patching will not alter the configuration settings or requirements specified above. (f) The Contractor shall (1) include Federal Information Processing Standard (FIPS) 201-compliant (see http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf), Homeland Security Presidential Directive 12 (HSPD-12) card readers with the purchase of servers, desktops, and laptops; and (2) comply with FAR Subpart 4.13, Personal Identity Verification. (g) The Contractor shall ensure that its subcontractors (at all tiers) which perform work under this contract comply with the requirements contained in this clause. 352.239-71 Standard for encryption language (January 2010) (a) The Contractor shall use Federal Information Processing Standard (FIPS) 140-2-(PDF) compliant encryption (Security Requirements for Cryptographic Module, as amended) to protect all instances of HHS sensitive information during storage and transmission. (Note: The Government has determined that HHS information under this contract is considered "sensitive" in accordance with FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, dated February 2004.) (b) The Contractor shall verify that the selected encryption product has been validated under the Cryptographic Module Validation Program (see http://csrc.nist.gov/cryptval/) to confirm compliance with FIPS 140-2 (as amended). The Contractor shall provide a written copy of the validation documentation to the Contracting Officer and the Contracting Officer's Technical Representative. (c) The Contractor shall use the Key Management Key (see FIPS 201, Chapter 4, as amended) on the HHS personal identification verification (PIV) card; or alternatively, the Contractor shall establish and use a key recovery mechanism to ensure the ability for authorized personnel to decrypt and recover all encrypted information (see http://csrc.nist.gov/drivers/documents/ombencryption-guidance.pdf). The Contractor shall notify the Contracting Officer and the Contracting Officer's Technical Representative of personnel authorized to decrypt and recover all encrypted information. (d) The Contractor shall securely generate and manage encryption keys to prevent unauthorized decryption of information in accordance with FIPS 140-2 (as amended). (e) The Contractor shall ensure that this standard is incorporated into the Contractor's property management/control system or establish a separate procedure to account for all laptop computers, desktop computers, and other mobile devices and portable media that store or process sensitive HHS information. (f) The Contractor shall ensure that its subcontractors (at all tiers) which perform work under this contract comply with the requirements contained in this clause. 352.239-72 Security requirements for federal information technology resources (Jan 2010) (a) Applicability. This clause applies whether the entire contract or order (hereafter "contract"), or portion thereof, includes information technology resources or services in which the Contractor has physical or logical (electronic) access to, or operates a Department of Health and Human Services (HHS) system containing, information that directly supports HHS' mission. The term "information technology (IT)", as used in this clause, includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware and similar procedures, services (including support services) and related resources. This clause does not apply to national security systems as defined in FISMA. (b) Contractor responsibilities. The Contractor is responsible for the following: (1) Protecting federal information and federal information systems in order to ensure their- (i) Integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; (ii) Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and. (iii) Availability, which means ensuring timely and reliable access to and use of information. (2) Providing security of any Contractor systems, and information contained therein, connected to an HHS network or operated by the Contractor, regardless of location, on behalf of HHS. (3) Adopting, and implementing, at a minimum, the policies, procedures, controls, and standards of the HHS Information Security Program to ensure the integrity, confidentiality, and availability of federal information and federal information systems for which the Contractor is responsible under this contract or to which it may otherwise have access under this contract. The HHS Information Security Program is outlined in the HHS Information Security Program Policy, which is available on the HHS Office of the Chief Information Officer's (OCIO) website. (c) Contractor security deliverables. In accordance with the timeframes specified, the Contractor shall prepare and submit the following security documents to the Contracting Officer for review, comment, and acceptance: (1) IT Security Plan (IT-SP) - due within 30 days after contract award. The IT-SP shall be consistent with, and further detail the approach to, IT security contained in the Contractor's bid or proposal that resulted in the award of this contract. The IT-SP shall describe the processes and procedures that the Contractor will follow to ensure appropriate security of IT resources that are developed, processed, or used under this contract. If the IT-SP only applies to a portion of the contract, the Contractor shall specify those parts of the contract to which the IT-SP applies. (i) The Contractor's IT-SP shall comply with applicable federal laws that include, but are not limited to, the Federal Information Security Management Act (FISMA) of 2002 (PDF) (Title III of the E-Government Act of 2002, Public Law 107-347), and the following federal and HHS policies and procedures: (A) Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources. (B) National Institute of Standards and Technology (NIST) Special Publication (SP) 800-18 (PDF), Guide for Developing Security Plans for Federal Information Systems, in form and content, and with any pertinent contract Statement of Work/Performance Work Statement (SOW/PWS) requirements. The IT-SP shall identify and document appropriate IT security controls consistent with the sensitivity of the information and the requirements of Federal Information Processing Standard (FIPS) 200, Recommended Security Controls for Federal Information Systems. The Contractor shall review and update the IT-SP in accordance with NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems and FIPS 200, on an annual basis. (C) HHS-OCIO Information Systems Security and Privacy Policy. (ii) After resolution of any comments provided by the Government on the draft IT-SP, the Contracting Officer shall accept the IT-SP and incorporate the Contractor's final version into the contract for Contractor implementation and maintenance. On an annual basis, the Contractor shall provide to the Contracting Officer verification that the IT-SP remains valid. (2) IT Risk Assessment (IT-RA) - due within 30 days after contract award. The IT-RA shall be consistent, in form and content, with NIST SP 800-30, Risk Management Guide for Information Technology Systems, and any additions or augmentations described in the HHS-OCIO Information Systems Security and Privacy Policy. After resolution of any comments provided by the Government on the draft IT-RA, the Contracting Officer shall accept the IT-RA and incorporate the Contractor's final version into the contract for Contractor implementation and maintenance. The Contractor shall update the IT-RA on an annual basis. (3) FIPS 199 Standards for Security Categorization of Federal Information and Information Systems Assessment (FIPS 199 Assessment) - due within 30 days after contract award. The FIPS 199 Assessment shall be consistent with the cited NIST standard. After resolution of any comments by the Government on the draft FIPS 199 Assessment, the Contracting Officer shall accept the FIPS 199 Assessment and incorporate the Contractor's final version into the contract. (4) IT Security Certification and Accreditation (IT-SC&A) - due within 3 months after contract award. The Contractor shall submit written proof to the Contracting Officer that an IT-SC&A was performed for applicable information systems - see paragraph (a) of this clause. The Contractor shall perform the IT-SC&A in accordance with the HHS Chief Information Security Officer's Certification and Accreditation Checklist; NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems; and NIST SP 800-53, Recommended Security Controls for Federal Information Systems. An authorized senior management official shall sign the draft IT-SC&A and provide it to the Contracting Officer for review, comment, and acceptance. (i) After resolution of any comments provided by the Government on the draft IT-SC&A, the Contracting Officer shall accept the IT-SC&A and incorporate the Contractor's final version into the contract as a compliance requirement. (ii) The Contractor shall also perform an annual security control assessment and provide to the Contracting Officer verification that the IT-SC&A remains valid. Evidence of a valid system accreditation includes written results of (A) annual testing of the system contingency plan and (B) the performance of security control testing and evaluation. (d) Personal identity verification. The Contractor shall identify its employees with access to systems operated by the Contractor for HHS or connected to HHS systems and networks. The Contracting Officer's Technical Representative (COR) shall identify, for those identified employees, position sensitivity levels that are commensurate with the responsibilities and risks associated with their assigned positions. The Contractor shall comply with the HSPD-12 requirements contained in "HHS-Controlled Facilities and Information Systems Security" requirements specified in the SOW/PWS of this contract. (e) Contractor and subcontractor employee training. The Contractor shall ensure that its employees, and those of its subcontractors, performing under this contract complete HHS-furnished initial and refresher security and privacy education and awareness training before being granted access to systems operated by the Contractor on behalf of HHS or access to HHS systems and networks. The Contractor shall provide documentation to the COR evidencing that Contractor employees have completed the required training. (f) Government access for IT inspection. The Contractor shall afford the Government access to the Contractor's and subcontractors' facilities, installations, operations, documentation, databases, and personnel used in performance of this contract to the extent required to carry out a program of IT inspection (to include vulnerability testing), investigation, and audit to safeguard against threats and hazards to the integrity, confidentiality, and availability, of HHS data or to the protection of information systems operated on behalf of HHS. (g) Subcontracts. The Contractor shall incorporate the substance of this clause in all subcontracts that require protection of federal information and federal information systems as described in paragraph (a) of this clause, including those subcontracts that- (1) Have physical or electronic access to HHS' computer systems, networks, or IT infrastructure; or (2) Use information systems to generate, store, process, or exchange data with HHS or on behalf of HHS, regardless of whether the data resides on a HHS or the Contractor's information system. (h) Contractor employment notice. The Contractor shall immediately notify the Contracting Officer when an employee either begins or terminates employment (or is no longer assigned to the HHS project under this contract), if that employee has, or had, access to HHS information systems or data. (i) Document information. The Contractor shall contact the Contracting Officer for any documents, information, or forms necessary to comply with the requirements of this clause. (j) Contractor responsibilities upon physical completion of the contract. The Contractor shall return all HHS information and IT resources provided to the Contractor during contract performance and certify that all HHS information has been purged from Contractor-owned systems used in contract performance. (k) Failure to comply. Failure on the part of the Contractor or its subcontractors to comply with the terms of this clause shall be grounds for the Contracting Officer to terminate this contract. 352.239-73 Electronic Information and Technology Accessibility (Jan 2010) (a) Pursuant to Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d), as amended by the Workforce Investment Act of 1998, all electronic and information technology (EIT) products and services developed, acquired, maintained, or used under this contract/order must comply with the "Electronic and Information Technology Accessibility Provisions" set forth by the Architectural and Transportation Barriers Compliance Board (also referred to as the "Access Board") in 36 CFR Part 1194. Information about Section 508 is available at http://www.section508.gov/. The complete text of Section 508 Final Provisions can be accessed at http://www.access-board.gov/sec508/standards.htm. (b) The Section 508 accessibility standards applicable to this contract/order are identified in the Statement of Work/Specification/Performance Work Statement. The Contractor must provide a written Section 508 conformance certification due at the end of each contract/order exceeding $150,000 when the contract/order duration is one year or less. If it is determined by the Government that EIT products and services provided by the Contractor do not conform to the described accessibility standards in the Product Assessment Template, remediation of the products or services to the level of conformance specified in the Contractor's Product Assessment Template will be the responsibility of the Contractor at its own expense. (c) In the event of a modification(s) to this contract/order, which adds new EIT products or services or revises the type of, or specifications for, products or services the Contractor is to provide, including EIT deliverables such as electronic documents and reports, the Contracting Officer may require that the contractor submit a completed HHS Section 508 Product Assessment Template to assist the Government in determining that the EIT products or services support Section 508 accessibility standards. Instructions for documenting accessibility via the HHS Section 508 Product Assessment Template may be found under Section 508 policy on the HHS Office on Disability website (http://www.hhs.gov/od/). 352.242-73 Withholding of contract payments (Jan 2006) Notwithstanding any other payment provisions of this contract, failure of the Contractor to submit required reports when due or failure to perform or deliver required work, supplies, or services, may result in the withholding of payments under this contract unless such failure arises out of causes beyond the control, and without the fault or negligence of the Contractor as defined by the clause entitled ‘‘Excusable Delays'' or ‘‘Default,'' as applicable. The Government will immediately notify the Contractor of its intention to withhold payment of any invoice or voucher submitted. The Defense Priorities and Allocations System (DPAS) and assigned rating are not applicable to this solicitation notice. Offerors must submit all questions regarding this RFQ to Tammy Wright, via email at tammy.wright@fda.hhs.gov. The FDA must receive the questions no later than 4:30 PM, Eastern Time, Monday, December 15, 2014. The subject line must read: Solicitation No. FDA-15-1138367. FDA will not answer questions received after this date and time, and will not answer questions submitted to individuals other than the named contact point (no phone calls, please). RFQ questions and FDA responses will be posted to the Federal Business Opportunities (FedBizOpps) web site. It is the vendor's responsibility to check the FedBizOpps web site for the questions and answers and any other amendments issued for this RFQ. All responsible sources may submit a quote, which, if timely received, will be considered. The quote must reference solicitation number FDA-15-1138367. The offers are due in person, by postal mail or email to the point of contact listed below, by no later than December 29, 2014, by 12:00 PM, Eastern Time at the Food and Drug Administration, OO/OAGS, Attn: Tammy Wright, 5630 Fishers Lane, Room 2117, HFA-500, Rockville, Maryland 20857. Offerors must ensure the RFQ number is visible in the subject line of the email. Faxed offers will not be accepted. Late submissions will be treated in accordance with the solicitation provision at FAR 52.212-1(f). For information regarding this solicitation, please contact Tammy Wright by phone on (240) 402-7587, or email: tammy,wright@fda.hhs.gov.
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/FDA/NCTR/FDA-15-1138367/listing.html)
 

Place of Performance

Address: Center of Veterinary Medicine (CVM), 7500 Standish Place, Rockville, Maryland, 20855, United States

Zip Code: 20855
 

Record

SN03604081-W 20141225/141223235200-ffa885595e194b736c431b30578add10 (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |